On 05 Aug 2012, at 10:39 PM, Stefan Fritsch wrote:
>>> This works as designed. Authentication will only be triggered if the
>>> end result depends on a valid user being present. The reason is to
>>> avoid a password dialogue if the access will be denied anyway.
>>
>> This breaks basic authentication though, because basic auth relies on that initial 401 Unauthorized to tell the client that a password is required. In this case, access would have been approved, not denied, but the client never got the opportunity to try log in as it was forbidden from the outset.
>>
>> Right now, I cannot get aaa to work in either a browser or in the webdav client for MacOSX with two require lines. In both cases, the user is forbidden immediately with no opportunity to log in.
>
> You mean you can't get "Require expr" to work. All other providers should work ok. Or do you have an example that does not involve "Require expr"?
Most specifically, as per my original mail, I can't get the following to work:
Require valid-user
Require expr %{note:mod_userdir_user} == %{REMOTE_USER}
Can you clarify what is special about the expr specifically that triggers forbidden instead of unauthorized?
Perhaps this is a bug inside the expr code.
Regards,
Graham
--